Data centers no longer rely on rows and rows of fixed-function servers, with each server running a single application. Today, data centers rely heavily on virtualization, enabling a single server to run multiple instances of operating systems and their applications concurrently. This enables data centers to dynamically allocate resources in response to demand. These dynamic resources primarily include applications and storage, and they scale up and scale down in response to the needs of the clients accessing them. In advanced architectures, if the capacity of the data center is reached, additional virtual resources outside of the data center can also be used. In all of these cases, the use of virtualized resources is unnoticed and undetectable to the network clients. The virtual resources are indistinguishable from a non-virtualized physical resource. To access these virtual resources, directors and load balancers are used to steer and distribute resource requests to the various resources.
Before virtualization, each server was physically provisioned by an IT administrator and was trusted to deliver its advertised resource. After virtualization, a server could deliver many different resources, which are now independent of the physical server that is delivering the resource. The ability of pools of servers to deliver virtualized resources introduces new paths for attack and compromise of resources and resource requesters. Guarding against these new paths for attack includes ensuring that, when a resource is requested, that resource is being delivered by an authentic, trusted service and not an imposter. The presence of an imposter server is not necessarily the result of a malevolent action; it can also be caused by misconfiguration or the lack of proper reconfiguration after a scale down event of virtual resources. A scale down event is when some number of virtual resources is decommissioned. The development of a mechanism that provides this assurance would constitute a major technological advance, and would satisfy long felt needs and aspirations in the network security industry.